Skip to content

Commit 4ee7067

Browse files
UID2-7456: suppress CVE-2026-56131/56407/56408 (libexpat) in .trivyignore (#423)
1 parent 1f9a0ff commit 4ee7067

1 file changed

Lines changed: 10 additions & 0 deletions

File tree

.trivyignore

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -30,3 +30,13 @@ CVE-2026-54513 exp:2026-07-25
3030
# eclipse-temurin base image has not yet been rebuilt with it.
3131
# See: UID2-7376
3232
CVE-2026-2100 exp:2026-09-01
33+
34+
# CVE-2026-56131 / CVE-2026-56407 / CVE-2026-56408 — libexpat stack exhaustion / integer overflows
35+
# in the Alpine base image. uid2-core is a pure Java service; the JVM parses XML via the built-in
36+
# JAXP/Xerces implementation, not the native libexpat C library, and there are no JNI bindings or
37+
# native deps that call into libexpat, so the crafted-XML attack path is not reachable. Fixed in
38+
# Alpine v3.23 libexpat >= 2.8.2-r0; the pinned eclipse-temurin base image has not yet been rebuilt with it.
39+
# See: UID2-7456
40+
CVE-2026-56131 exp:2026-08-09
41+
CVE-2026-56407 exp:2026-08-09
42+
CVE-2026-56408 exp:2026-08-09

0 commit comments

Comments
 (0)